How To Setup SSH Keys

SSH is a protocol designed to make network connections between hosts secure. SSH is the de facto standard for Linux and related operating systems. SSH encrypts the connection between the two sides and gives terminal access between a host and a server.

To get a terminal, there needs to be an authentication process. Authentication is generally password based, but password-based authentication has some caveats: brute-force attacks can guess the password and give access to the server.

To make things more secure, key-based authentication can be used. It is far more secure and more practical to use for logins or batch operations.

Creating Key Pairs

We will create a key pair. You may ask yourself: why a pair? Isn’t one key enough? In asymmetric cryptography, two different keys that complement each other are used together. One key is the public key, which may be known by everyone. The other is the private key, which is known only by its owner.

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rbZajbpvPo+hyOieFQRZLNtbHTqxAOBPK4I+01GjmUg root@snap
The key's randomart image is:
+---[RSA 2048]----+
|..o=.|
|.o.o..|
|E=.+=.|
|o=.B *..|
|ooB.o.S.|
|ooo.+|
|+..*.|
|o=.=o+|
|o=o=*=o.|
+----[SHA256]-----+

We have created a key pair based on the RSA algorithm. Our key is 2048 bits long; the longer the key size, the more secure the key. We can protect our key pair with a passphrase, but that is not practical for most situations. By default, the key pair is stored in the .ssh directory under the user's home directory.

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.122.137's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.122.137'"
and check to make sure that only the key(s) you wanted were added.

We use the ssh-copy-id command to add our key for the root user on the remote server whose IP address is 192.168.122.137. After adding our key, we can log in to the remote server without entering a passphrase/password like this.
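The ssh-copy-id output above asks you to check that only the keys you wanted were added. The script below is an added example, not code from the original page or from OpenSSH: it sketches the server-side effect of ssh-copy-id (appending a public key to authorized_keys with restrictive permissions, without duplicating it) and then lists the installed keys for that check. The helper names install_key and list_keys are hypothetical, and the two key lines are constructed placeholders.

```shell
#!/bin/sh
# Added example. install_key and list_keys are hypothetical helpers, not OpenSSH tools.
# Both keys are constructed placeholders, not real key material.
KEY_A='ssh-rsa AAAAB3NzaC1yc2EAAAA+CONSTRUCTED/PLACEHOLDER+A root@snap'
KEY_B='ssh-rsa AAAAB3NzaC1yc2EAAAA+CONSTRUCTED/PLACEHOLDER+B backup@snap'

# install_key PUBKEY_LINE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys unless that exact line exists.
install_key() {
    key=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys
    # With StrictModes (the sshd default) a group- or world-writable
    # directory or file makes sshd ignore the keys, so set modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: whole line, -F: fixed string (the base64 blob contains '+' and '/').
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# list_keys HOME_DIR
# Prints "type comment" per entry, skipping blank and comment lines.
# Assumes entries carry no leading options field (e.g. command="...").
list_keys() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1, $NF }' \
        "$1/.ssh/authorized_keys"
}

# Demo in a throwaway directory standing in for the remote user's home.
demo_home=$(mktemp -d)
install_key "$KEY_A" "$demo_home"
install_key "$KEY_A" "$demo_home"   # second call is a no-op
install_key "$KEY_B" "$demo_home"
list_keys "$demo_home"
rm -rf "$demo_home"
```

Any entry in the listing that you do not recognise grants login to whoever holds the matching private key, so it should be investigated and removed.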